| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability |
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| Outlook for Windows Spoofing Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| Windows rndismp6.sys Remote Code Execution Vulnerability |
| Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. |
| "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725." |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.
|
|
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
|
| Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
|
| Fedora CoreOS supports setting a GRUB bootloader password
using a Butane config. When this feature is enabled, GRUB requires a password to access the
GRUB command-line, modify kernel command-line arguments, or boot
non-default OSTree deployments. Recent Fedora CoreOS releases have a
misconfiguration which allows booting non-default OSTree deployments
without entering a password. This allows someone with access to the
GRUB menu to boot into an older version of Fedora CoreOS, reverting
any security fixes that have recently been applied to the machine. A
password is still required to modify kernel command-line arguments and
to access the GRUB command line.
|
| OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. |
